Apr 17 2011
I have two young boys who are addicted to Minecraft. They wake up in the morning, log onto a Minecraft server, play as long as we’ll let them and then get back onto the servers as soon as we’ll let them. I was a little concerned at first because I really didn’t know much about the game, but I discovered I had several adult friends in the security community who were also playing the game, so I was willing to let the boys play on a system a friend runs. I don’t know about you, but it makes me feel a lot better about letting my kids play online when I know I can contact the administrator with a quick phone call or email.
Playing on someone else’s server is fun for the boys, but since Minecraft is a game of mining resources and constructing almost anything you can imagine, an eventual request came to build the boys their own server. Minecraft isn’t very resource intensive, it’s a Java based program that runs pretty decently on a low end server, at least if you only have two or three people using the server at a time. Since, like most geeks, I have several computers that are running 24/7 and have some spare memory, I was able to throw up our own home Minecraft server without too many problems. And as Minecraft has matured and added plugins, I could give the boys additional capabilities and superuser access so they can give themselves whatever resources they want to build anything they want. This kept them happy for a little while and gave me something to hold over their heads to get their homework done. It’s a lot easier to deny them access to the server when you can shut it down in a couple of seconds.
The next step came when the boys told their cousin about Minecraft and he started playing as well. It’s a community game and they often play together on public servers, but the lure of having superuser accounts and just having control of their environment with their cousin was strong. So the continuing plea of ‘Dad, can we make our Minecraft server public?” started. With the continued reply of “No.” to go with it. They tried several tactics, such as explaining the white and black listing capabilities of Minecraft, offering their cousin’s server instead if I’d tell them how to make it public, as well as several other plans that only a pre-teen could come up with. All of which were still denied.
It’s not that I don’t want my sons to have their own Minecraft server, it’s just that the security of my home network is more important to me than them playing a game that necessitates poking a hole in my network to the outside world. I’m a security professional and I know that despite that, I don’t know enough to lock down any program with 100% certainty once I’ve opened it up to the Internet. I do not currently allow any services to be served to the Internet from my home network and I have no intentions of changing that in the near future. I’ve also had several discussions that lead me to believe that while Minecraft doesn’t have any currently know publicly exploitable vulnerabilities, security is not a major concern of the developers and it’s only a matter of time before someone turns their full attention to rectifying the lack of exploits. Especially considering how popular Minecraft has become.
I’m the kind of father who wants to give their kids as many geek toys as he can, first to test my own abilities and second to give them something to stretch their own capabilities. Or perhaps it’s the other way around. In either case, I wanted to give my kids what they wanted, a publicly accessible Minecraft server that was not part of my home network and did not put any of my resources at risk, however minor. Which is when I realized I had a technology I’ve been meaning to learn more about and was just looking for an excuse to play with: the Cloud! I’ve been remiss in my duties as a geek and security professional in that I’d been reading about Cloud technologies, I’ve been listening to what others have to say and I’ve even given a talk about PCI in the Cloud, but I’d never actually signed up for a cloud service and created my own server because I didn’t have a real use for one. Setting up a Minecraft server on Amazon’s EC2 this weekend became the perfect solution to both issues, giving the boys a Minecraft server that I didn’t care who connected to and giving me a chance to stretch a little and learn more about the technology that is on everyone’s lips this year (and probably the next several)
I’ll be honest, one of the things that made this easy is that I found a step by step guide to creating a Minecraft server on the Minecraft forums. I’m including a copy of the guide in the extended post because I don’t want to take the chance of losing the information if something happens on the forums, an old habit of mine. I’ll add a few of my own notes to it as well. This was a huge help and probably cut my installation time by 3/4.
Signing up for all the Amazon Web Services was easy and only took about 30 minutes. I needed to sign up for these in any case for another project, but that’s someone else’s tale to tell when he’s ready. From that point on, the guide was spot on. I don’t think it was more than 30 minutes later that I had the boys personal Minecraft server up and running. As suggested, I chose a small, spot request instance of the default Linux installation, reserved an Elastic IP address, associated it and the server was up and running. I performed a few additional steps, like installing Bukkit and half a dozen plugins that the boys requested. Most of it was as easy as using wget to pull first bukkit and then the plugins and restarting server. I did have one minor problem in that one of the plugins was being hosted on a server using HTTPS and I had to modify the wget parameters, but that’s relatively minor to overcome.
I’ve been running our Minecraft server on Amazon’s EC2 for about 24 hours now. I made it clear to the boys that this server is only going to be up when evenings and weekends, which turns out to be a good thing. It’s not a huge cost, but in the past day this installation of Minecraft has cost me approximately $1.50 to run at a fairly low load, which could quickly add up to $40-50 or more per month. If there were more people using it, if their cousin actually had a full Minecraft account and could play with them, and if I didn’t already have a Minecraft server running on the home network, I might be willing to pay that, but for the most part they’re going to have to live with the server only being available when I say it is. I’m not an authoritarian … wait, no scratch that. When it comes to my kids, yes, I am the authorities and my wife lets me say so.
All in all, this was a worthwhile project; it gave me some experience with the Cloud and specifically AWS. I walked the kids through some sections of the installation, which taught us all a few lessons. They get a Minecraft server they can share with their cousin and friends, without my having to open my network or pay an arm and a leg. But I am realizing that it’s important to watch your Cloud instances or you’re going to end up paying a lot more than you thought very quickly.